With Docker >= 1.13.1 the default FORWARD chain policy is configured to DROP; for the l3 agent to function as expected and VMs to reach the outside world correctly, this needs to be set to ACCEPT. Change-Id: I6bea3304f5eb4ab6b37283e94e20cda7e4119a44
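#!/bin/bash

# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

# Prepares the host's external bridge (br-ex): assigns it an address, opens
# the FORWARD chain, and masquerades traffic from the external subnet out of
# the interface that carries the IPv4 default route. Requires sudo.
set -xe

# Assign IP address to br-ex
OSH_BR_EX_ADDR="172.24.4.1/24"
OSH_EXT_SUBNET="172.24.4.0/24"
# "replace" rather than "add": "add" fails when the address is already
# present, which under "set -e" aborts a second run of this script.
sudo ip addr replace "${OSH_BR_EX_ADDR}" dev br-ex
sudo ip link set br-ex up

# NOTE(portdirect): With Docker >= 1.13.1 the default FORWARD chain policy is
# configured to DROP, for the l3 agent to function as expected and VMs reach
# the outside world correctly this needs to be set to ACCEPT.
# NOTE(review): this changes the policy for every forwarded flow on the host,
# not only traffic for br-ex. That is a reasonable trade-off on a disposable
# dev/gate node; on a long-lived or shared host, consider keeping DROP and
# adding explicit ACCEPT rules scoped to the external subnet instead.
sudo iptables -P FORWARD ACCEPT

# Setup masquerading on default route dev to public subnet
# Take the token that follows "dev" instead of a fixed field number, so a
# default route without a "via" hop still yields the right interface.
DEFAULT_ROUTE_DEV="$(sudo ip -4 route list 0/0 \
  | awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }')"
# The pipeline's status is awk's, so a missing default route would otherwise
# go unnoticed and produce a malformed iptables command below.
if [ -z "${DEFAULT_ROUTE_DEV}" ]; then
  printf '%s\n' "No IPv4 default route found; cannot set up masquerading" >&2
  exit 1
fi
# Only append the rule when it is not already present, so repeated runs do not
# stack duplicate MASQUERADE entries. stderr of the check is discarded because
# "rule not found" is the expected outcome on a first run.
if ! sudo iptables -t nat -C POSTROUTING -o "${DEFAULT_ROUTE_DEV}" \
    -s "${OSH_EXT_SUBNET}" -j MASQUERADE 2>/dev/null; then
  sudo iptables -t nat -A POSTROUTING -o "${DEFAULT_ROUTE_DEV}" \
    -s "${OSH_EXT_SUBNET}" -j MASQUERADE
fi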